Session Management
Easy authentication is the first step. Creating and managing sessions in a secure and simple ways comes after. Let Corbado handle it for you.
Simple to implement
Secure
Central & JWT-based
Corbado's session management approach
Our session management integrates two distinct yet complementary approaches: short-term and long-term sessions. Both are implemented as cookies and blend to a highly secure and user-friendly solution.
Short-term sessions with JSON Web Tokens (JWTS)
Typical lifetime: rather short, e.g. 5-60 mins.
Benefits: Fast client-side verification, additional user information obtainable through JWT claims
Long-term sessions for central session management
Typical lifetime: rather long, e.g. 1-30 days
Benefits: Comprehensive user, session and device overview, convenient session revocation
Security by simplicity.
Greater security
Combination of short- and longer-term sessions to leverage extra security levels.
Fast verification
Short-term sessions can be verified in milliseconds through standard JWT verification.
Superior control
Long-term sessions can be revoked, providing superior control.
Protecting routes
If certain routes in your application are only accessible to authenticated users, it is essential to protect them by verifying the user's authentication status. The approach for this may vary depending on the overall setup of your application.
App type
Frontend
Backend
Session received via
Regular web app (no SPA)
e.g. Vanilla HTML / CSS / JS
e.g. Node.js / PHP Symfony
Cookie
SPA with Frontend & Backend on same host
e.g. Vue.js / React / Angular
e.g. Node.js / PHP Symfony
Cookie
SPA with Frontend & Backend on different host
e.g. Vue.js / React / Angular
e.g. Node.js / PHP Symfony
Cookie
Multiple Backends (microservice architecture)
e.g. Vue.js / React / Angular
e.g. Node.js / PHP Symfony
HTTP authorization header (bearer token)
Try Corbado now!
No credit card required
Free community plan
For new and existing apps